CVE-2017-9024

{"id": "CVE-2017-9024", "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 5.0, "accessVector": "NETWORK", "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N", "authentication": "NONE", "integrityImpact": "NONE", "accessComplexity": "LOW", "availabilityImpact": "NONE", "confidentialityImpact": "PARTIAL"}, "acInsufInfo": true, "impactScore": 2.9, "baseSeverity": "MEDIUM", "obtainAllPrivilege": false, "exploitabilityScore": 10.0, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}], "cvssMetricV31": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 7.5, "attackVector": "NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}, "impactScore": 3.6, "exploitabilityScore": 3.9}]}, "published": "2017-05-21T14:29:00.227", "references": [{"url": "http://hyp3rlinx.altervista.org/advisories/SECURE-AUDITOR-v3.0-DIRECTORY-TRAVERSAL.txt", "tags": ["Exploit", "Third Party Advisory"], "source": "cve@mitre.org"}, {"url": "https://www.exploit-db.com/exploits/42041/", "tags": ["Exploit", "Third Party Advisory", "VDB Entry"], "source": "cve@mitre.org"}], "vulnStatus": "Analyzed", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-22"}]}], "descriptions": [{"lang": "en", "value": "Secure Bytes Cisco Configuration Manager, as bundled in Secure Bytes Secure Cisco Auditor (SCA) 3.0, has a Directory Traversal issue in its TFTP Server, allowing attackers to read arbitrary files via ../ sequences in a pathname."}, {"lang": "es", "value": "Secure Bytes Cisco Configuration Manager, tal como se incorpora en la versi\u00f3n 3.0 de Secure Cisco Auditor (SCA) de Secure Bytes, tiene un problema de salto de directorio en su servidor TFTP, permitiendo a los atacantes leer los archivos arbitrarios por medio de secuencias ../ en un par\u00e1metro pathname."}], "lastModified": "2021-09-09T17:22:45.540", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:secure-bytes:secure_cisco_auditor:3.0:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "FE071175-0D01-4DB4-AAB3-D2E6020CCCF6"}], "operator": "OR"}]}], "sourceIdentifier": "cve@mitre.org"}